mechanisms to deploy/install for testing
by John Dennis
We utilize RH-SSO/Keycloak as the authentication component in many of
our products. When our QE team does testing the automated testing needs
to install and configure RH-SSO/Keycloak. At the moment the QE team is
bypassing automation and is installing and configuring RH-SSO/Keycloak
manually because they lack an automated process.
I was asked to inquire how the keycloak team does their automated
testing with the hope your tools can be utilized so we don't have to
build something from scratch.
To put things in context this is for the platform group which does not
traditionally deal with middleware and the Java ecosystem. Software
installation is exclusively done with RPM's. Preferred methods are:
1) Ansible playbooks
2) Puppet manifests
3) Shell scripts
Can you describe how your testing is performed and/or point us to
documentation and/or repositories with the tools.
Thanks,
--
John
7 years, 12 months
regarding expired sessions and token life-span
by Kishan Sagathiya
Hi,
I am trying to figure out how Keycloak deals with expired sessions and how
token lifespan affects Keycloak database size and performance.
But I dont understand the directory structure and where to find the
relevant code.
If someone could give some pointers regarding this that would be great
Thanks :)
-Kishan Sagathiya
7 years, 12 months
DOCS: change to Auth Services /topics file structure
by Tana Berry
Hello Keycloakers and Red Hatters. I'm Tana, good to meet you all,
virtually! :-) As I am new to Red Hat and to the Keycloak community, here's
a bit more background about me, hopefully nothing too shocking:
https://github.com/tanberry and https://twitter.com/tanamarieberry.
This is a quick heads up to our community and developers that we plan to
merge PR #184 <https://github.com/keycloak/keycloak-documentation/pull/184>
this
week, probably Wednesday or Thursday. This merge will convert the
Authorization Services Guide to a flat file structure, meaning all topics
for this book will be in a single dir, and not nested into separate
directories or "chapters". We plan to convert only this one book for
3.x/7.2, and use it as a POC, because we want to keep changes to a minimum
for 7.2.
In RH-SSO 7.3 release we will convert the remaining books. There are
several reason for changing to a flat-file structure (visual findability in
dirs, flexibility when new topics are added or existing topics are moved,
to have unique file names, enhanced SEO...).
Please let us know if you have any questions, concerns, or comments; we
want your feedback!
Thanks, and I look forward to working with the Keycloak/SSO team!
tana
7 years, 12 months
ConcurrencyTest failures
by Marko Strukelj
I've been getting intermittent ConcurrencyTest failures.
Tests in error:
ConcurrencyTest.testAllConcurrently:57->concurrentTest:49->AbstractConcurrencyTest.run:53->AbstractConcurrencyTest.run:96
» Runtime
I'm unable to reliably replicate it but it never happens when running
ConcurrencyTest alone (i.e. -Dtest=ConcurrencyTest) but always as part of
full testsuite 30 mins into the run.
I propose to add:
static boolean runIntermittentlyFailingTests() {
return "true".equals(System.getProperty("test.intermittent"));
}
in AbstractKeycloakTest.java and check at the beginning of
ConcurrencyTest.java#testAllConcurrently():
if (!runIntermittentlyFailingTests()) {
System.out.println("TEST SKIPPED - This test currently suffers
from intermittent failures. Use -Dtest.intermittent=true to run it.");
return;
}
7 years, 12 months
KEYCLOAK-5032 - Implementation question
by carl-kristian.eriksen@telia.no
https://issues.jboss.org/browse/KEYCLOAK-5032 describes two requested query parameters: acr_values and nonce
Our requirements are for acr_values and prompt, and I’m working on a pull request for these two.
How many pull requests do you want?
Should I make sure that (each)PR includes support for one, two or three query parameters
Can the “prompt” parameter be added to KEYCLOAK-5032, or do I need another Jira task for the “prompt” parameter?
Br / mvh
Carl Kristian Eriksen
t: +47 95147848
VEGA / GDPR / Access Management Infrastructure
Telia Norge AS
7 years, 12 months
Doc renaming and organization suggestion
by Bill Burke
I suggest we rename Server Developer Guide to Keycloak (RH-SSO)
Developer Guide. We move all programmer related SPIs, REST interface
docs (token exchange), Client Registration, adapter SPIs, really
anything a developer would do to this guide.
Securing Apps should be specifically configuration tasks for securing
an application. Only things an admin would do and no developer
concerns should be there.
--
Bill Burke
Red Hat
7 years, 12 months
enable SSL and SSL policies out of the box?
by Bill Burke
I'm not sure, but I believe the latest Wildfly can auto create an SSL
certificate at boot time. Should we look into this prior to the end
of 3.4.1 and have realm SSL policies changed to reflect this? I never
liked the idea that SSL is turned off and realm SSL policies don't
require SSL by default.
--
Bill Burke
Red Hat
7 years, 12 months
Standalone boot slow...Clustering introduced by accident?
by Bill Burke
I was wondering if the CrossDC worked introduced clustering into
standalone.xml by accident? My standalone boot times are really slow
(60 seconds). I'll look into it after I finish up the documentation
I'm doing, but maybe somebody knows something right now?
Thanks
--
Bill Burke
Red Hat
7 years, 12 months
Allow additional attributes to be pushed into Freemarker templates (login and account themes) by extension developers
by Vlastimil Elias
Hi,
I was asked by Stian to post my proposal around
https://issues.jboss.org/browse/KEYCLOAK-2671 to be discussed here with
wider KC dev team.
What we need is to pass some additional attributes into Login and
Account freemarker templates as part of our extensions - eg. to
configure client side validations for registration form based on actual
authentication session. Other use case we need is selection of Theme
based on calling client.
There are already Login and Account Form providers which may be
customized (they are SPI), only problem is that current Freemarker
providers use private fields and methods, so it is hard to customize
them (I have to copy complete code which is hardly maintainable during
keycloak upgrades).
I believe we should resolve the problem by small refactoring of existing
FreeMarkerLoginProvider and FreeMarkerAccountProvider providers similar
you already done in FreeMarkerEmailTemplateProvider. So things like:
* change fields and methods from private to protected to allow
use/override in subclasses
* refactor some features to protected methods (eg. Template loading
from template provider - again, you did it in
FreeMarkerEmailTemplateProvider provider already) to allow override
in subclasses
* add one protected callback method called just before template and
attributes are passed to the freemarker engine for the processing -
this allow subclass simply add additional attributes to be passed
into template
Only bigger change (and blocker for one of our important features) is
passing of current AuthenticationSessionModel to the LoginFormsProvider
instance at all places where the form provider is called. This is really
missing now to be able customize GUI based on current client and
authentication flow needs.
I don't think those are big changes, but they will make life of
extension developers much easier.
I believe I'm able to provide pull request for this change if no better
solution will be found there by experienced KC dev team.
Thanks a lot in advance for any comments to my proposal.
Vlastimil
--
Vlastimil Elias
Principal Software Engineer, Middleware Engineering Services
Red Hat
7 years, 12 months
